New 70-640 Exam Questions Updated Today! PassLeader just released the latest Microsoft 70-640 pdf and vce exam dumps(Now Total 651q) with all new exam questions, which will help you 100% passing the newest 70-640 exam. This new questions are exactly the same as real test’s. Now visit passleader.com to get the newest 651q 70-640 pdf or vce exam dumps with 10% discount and FREE VCE TEST SOFTWARE!

QUESTION 381ABC.com has an Active Directory forest on a single domain. The domain operates Windows Server 2008. A new administrator accidentally deletes the entire organizational unit in the Active Directory database that hosts 6000 objects. You have backed up the system state data using third-party backup software. To restore backup, you start the domain controller in the Directory Services Restore Mode (DSRM). You need to perform an authoritative restore of the organizational unit and restore the domain controller to its original state. Which three actions should you perform?

Answer:

QUESTION 382You have a single Active Directory domain. All domain controllers run Windows Server 2008 and are configured as DNS servers. The domain contains one Active Directory-integrated DNS zone. You need to ensure that outdated DNS records are automatically removed from the DNS zone. What should you do?

A. From the properties of the zone, modify the TTL of the SOA record.B. From the properties of the zone, enable scavenging.C. From the command prompt, run ipconfig /flushdns.D. From the properties of the zone, disable dynamic updates.

Answer: B

QUESTION 383Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. The Audit account management policy setting and Audit directory services access setting are enabled for the entire domain. You need to ensure that changes made to Active Directory objects can be logged. The logged changes must include the old and new values of any attributes. What should you do?

A. Run auditpol.exe and then configure the Security settings of the Domain Controllers OU.B. From the Default Domain Controllers policy, enable the Audit directory service access setting and enable directory service changes.C. Enable the Audit account management policy in the Default Domain Controller Policy.D. Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain policy.

Answer: A

QUESTION 384Your company, Contoso Ltd has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com. The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone. You install a new domain controller named DC2 in the branch office. You install DNS on DC2. You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails. What should you do?

A. Create a new stub zone named ad.contoso.com on DC2.B. Create a new standard secondary zone named ad.contoso.com on DC2.C. Configure the DNS server on DC2 to forward requests to DC1.D. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.

Answer: D

QUESTION 385Your company has a server that runs an instance of Active Directory Lightweight Directory Service (AD LDS). You need to create new organizational units in the AD LDS application directory partition. What should you do?

A. Use the dsmod OU <OrganizationalUnitDN> command to create the organizational units.B. Use the Active Directory Users and Computers snap-in to create the organizational units on the AD LDS application directory partition.C. Use the dsadd OU <OrganizationalUnitDN> command to create the organizational units.D. Use the ADSI Edit snap-in to create the organizational units on the AD LDS application directory partition.

Answer: D

QUESTION 386Your company has an Active Directory domain. The company has two domain controllers named DC1 and DC2. DC1 holds the Schema Master role. DC1 fails. You log on to Active Directory by using the administrator account. You are not able to transfer the Schema Master operations role. You need to ensure that DC2 holds the Schema Master role. What should you do?

A. Configure DC2 as a bridgehead server.B. On DC2, seize the Schema Master role.C. Log off and log on again to Active Directory by using an account that is a member of the Schema Administrators group. Start the Active Directory Schema snap-in.D. Register the Schmmgmt.dll. Start the Active Directory Schema snap-in.

Answer: B

QUESTION 387Your company has an Active Directory forest that runs at the functional level of Windows Server 2008. You implement Active Directory Rights Management Services (AD RMS). You install Microsoft SQL Server 2005. When you attempt to open the AD RMS administration Web site, you receive the following error message: “SQL Server does not exist or access denied.” You need to open the AD RMS administration Web site. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

QUESTION 388Your network consists of an Active Directory forest that contains one domain named contoso.com. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You have two Active Directory-integrated zones: contoso.com and nwtraders.com. You need to ensure a user is able to modify records in the contoso.com zone. You must prevent the user from modifying the SOA record in the nwtraders.com zone. What should you do?

A. From the Active Directory Users and Computers console, run the Delegation of Control Wizard.B. From the Active Directory Users and Computers console, modify the permissions of the Domain Controllers organizational unit (OU).C. From the DNS Manager console, modify the permissions of the contoso.com zone.D. From the DNS Manager console, modify the permissions of the nwtraders.com zone.

Answer: C

QUESTION 389Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available. What should you do?

A. Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.B. Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).C. Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.D. Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.

Answer: C

QUESTION 390You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do?

QUESTION 391Your company has an Active Directory domain. A user attempts to log on to a computer that was turned off for twelve weeks. The administrator receives an error message that authentication has failed. You need to ensure that the user is able to log on to the computer. What should you do?

A. Run the netsh command with the set and machine options.B. Reset the computer account. Disjoin the computer from the domain, and then rejoin the computer to the domain.C. Run the netdom TRUST /reset command.D. Run the Active Directory Users and Computers console to disable, and then enable the computer account.

Answer: B

QUESTION 392Your company has an Active Directory forest that contains a single domain. The domain member server has an Active Directory Federation Services (AD FS) role installed. You need to configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain. What should you do?

A. Add and configure a new account partner.B. Add and configure a new resource partner.C. Add and configure a new account store.D. Add and configure a Claims-aware application.

Answer: C

QUESTION 393You network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to reset the Directory Services Restore Mode (DSRM) password on a domain controller. What tool should you use?

QUESTION 394Your company has a main office and a branch office. You deploy a read-only domain controller (RODC) that runs Microsoft Windows Server 2008 to the branch office. You need to ensure that users at the branch office are able to log on to the domain by using the RODC. What should you do?

A. Add another RODC to the branch office.B. Configure a new bridgehead server in the main office.C. Decrease the replication interval for all connection objects by using the Active Directory Sites and Services console.D. Configure the Password Replication Policy on the RODC.

Answer: D

QUESTION 395Your network contains a single Active Directory domain. The functional level of the forest is Windows Server 2008. The functional level of the domain is Windows Server 2008 R2. All DNS servers run Windows Server 2008. All domain controllers run Windows Server 2008 R2. You need to ensure that you can enable the Active Directory Recycle Bin. What should you do?

A. Change the functional level of the forest.B. Change the functional level of the domain.C. Modify the Active Directory schema.D. Modify the Universal Group Membership Caching settings.

A. Run dcgpofix.exe /target:dc.B. Run dcgpofix.exe /target:domain.C. Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe /sync.D. Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe /force.

Answer: A

QUESTION 397Your network contains an Active Directory domain. The domain contains two Active Directory sites named Site1 and Site2. Site1 contains two domain controllers named DC1 and DC2. Site2 contains two domain controller named DC3 and DC4. The functional level of the domain is Windows Server 2008 R2. The functional level of the forest is Windows Server 2003. Active Directory replication between Site1 and Site2 occurs from 20:00 to 01:00 every day. At 07:00, an administrator deletes a user account while he is logged on to DC1. You need to restore the deleted user account. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A. On DC1, run the Restore-ADObject cmdlet.B. On DC3, run the Restore-ADObject cmdlet.C. On DC1, stop Active Directory Domain Services, restore the System State, and then start Active Directory Domain Services.D. On DC3, stop Active Directory Domain Services, perform an authoritative restore, and then start Active Directory Domain Services.

Answer: D

QUESTION 398Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2. You perform a full backup of the domain controllers every night by using Windows Server Backup. You update a script in the SYSVOL folder. You discover that the new script fails to run properly. You need to restore the previous version of the script in the SYSVOL folder. The solution must minimize the amount of time required to restore the script. What should you do first?

A. Run the Restore-ADObject cmdlet.B. Restore the system state to its original location.C. Restore the system state to an alternate location.D. Attach the VHD file created by Windows Server Backup.

Answer: D

QUESTION 399Your network contains an Active Directory domain. You need to restore a deleted computer account from the Active Directory Recycle Bin. What should you do?

A. From the command prompt, run recover.exe.B. From the command prompt, run ntdsutil.exe.C. From the Active Directory Module for Windows PowerShell, run the Restore-Computer cmdlet.D. From the Active Directory Module for Windows PowerShell, run the Restore-ADObject cmdlet.

Answer: D

QUESTION 400You need to back up all of the group policies in a domain. The solution must minimize the size of the backup. What should you use?